3 K^@sdZddlZddlZddlZddlZddlZddlZddlZddl Zddl Zddl Zddl Zddl ZddlZddlZddlmZddlmZmZmZmZmZmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*ej+j,rddlm-Z-n ddl.m-Z-dvZ/dwZ0ej1j2j3dxdydzd{d|Z4ej5j6d-Z7ej5j8d.Z9d$Z:d/d0Z;d}d2d3Zd8d9Z?d:d;Z@dd?ZBd@dAZCdBdCZDdDdEZEdFdGZFdHdIZGed dJZHed dKZIe!ddZJe"ddZKejLeEddLdMdNZMejLeEddOdPdQZNedRdSdTdUdVZOe ddWZPe ddXZQe$ddZRe ddYZSe ddZZTedd[ZUeddd\dUdVZVeddd]dUdVZWe%d d^d_ZXe%dd`daZYe%d dbd_ZZe%d dcddZ[ed deZ\e%d!dfdgdhZ]ed"diZ^edjdkZ_e#dldmZ`edddndoZaGdpdqdqeZbGdrdsdsebZcGdtduduebZddS)~a Parsing for Tor server descriptors, which contains the infrequently changing information about a Tor relay (contact information, exit policy, public keys, etc). This information is provided from a few sources... * The control port via 'GETINFO desc/\*' queries. * The 'cached-descriptors' file in Tor's data directory. * Archived descriptors provided by `CollecTor `_. * Directory authorities and mirrors via their DirPort. **Module Overview:** :: ServerDescriptor - Tor server descriptor. |- RelayDescriptor - Server descriptor for a relay. | +- make_router_status_entry - Creates a router status entry for this descriptor. | |- BridgeDescriptor - Scrubbed server descriptor for a bridge. | |- is_scrubbed - checks if our content has been properly scrubbed | +- get_scrubbing_issues - description of issues with our scrubbing | |- digest - calculates the upper-case hex digest value for our content |- get_annotations - dictionary of content prior to the descriptor entry +- get_annotation_lines - lines that provided the annotations .. data:: BridgeDistribution (enum) Preferred method of distributing this relay if a bridge. .. versionadded:: 1.6.0 ===================== =========== BridgeDistribution Description ===================== =========== **ANY** No proference, BridgeDB will pick how the bridge is distributed. **HTTPS** Provided via the `web interface `_. **EMAIL** Provided in response to emails to bridges@torproject.org. **MOAT** Provided in interactive menus within Tor Browser. **HYPHAE** Provided via a cryptographic invitation-based system. ===================== =========== N)RouterStatusEntryV3) PGP_BLOCK_END Descriptor DigestHashDigestEncodingcreate_signing_key_descriptor_content_descriptor_components_read_until_keywords_bytes_for_block_value_values_parse_simple_line_parse_int_line_parse_if_present_parse_bytes_line_parse_timestamp_line_parse_forty_character_hex_parse_protocol_line_parse_key_block_append_router_signature_random_nickname_random_ipv4_address _random_date_random_crypto_blob) lru_cacherouter bandwidth published onion-key signing-keyrouter-signatureidentity-ed25519master-key-ed25519platform fingerprint hibernatinguptimecontact read-history write-historyeventdnsbridge-distribution-requestfamilycaches-extra-infoextra-info-digesthidden-service-dir protocolsallow-single-hop-exitstunnelled-dir-serverprotoonion-key-crosscertntor-onion-keyntor-onion-key-crosscertrouter-sig-ed25519ANYanyHTTPShttpsEMAILemailMOATmoatHYPHAEhyphaezreject 1-65535z reject *:*cCstjjjtj|jdS)N=)stemutil str_tools _to_unicodebase64 b64encoderstrip)contentrLE/tmp/pip-unpacked-wheel-1_ii6739/stem/descriptor/server_descriptor.py_truncated_b64encodesrNFcksxtd|}ttj|}ttjjj|}tt dd|}|sjtd|}t j ddd}|t||d7}n td |d}|r|dj d r|dd }tj d |}|rt|||f|Vqt|||f|Vq|r|rtd dj |PqWd S)a8 Iterates over the server descriptors in a file. :param file descriptor_file: file with descriptor content :param bool is_bridge: parses the file as being a bridge descriptor :param bool validate: checks the validity of the descriptor's content if **True**, skips these checks otherwise :param dict kwargs: additional arguments for the descriptor constructor :returns: iterator for ServerDescriptor instances in the file :raises: * **ValueError** if the contents is malformed and validate is True * **IOError** if the file can't be read rcSs|dkS)NrL)xrLrLrMsz_parse_file..zrouter-signature rTz router-digests@typeNz0Content conform to being a server descriptor: %s )r mapbytesstriprDrErFrGlistfilterrsplit startswithjoinBridgeDescriptorRelayDescriptor ValueError)Zdescriptor_fileZ is_bridgevalidatekwargs annotationsZdescriptor_contentZblock_end_prefixZdescriptor_textrLrLrM _parse_files(+      rdcCsPtd|}|j}t|dkr,td|ntjjj|dsPtd|dntjjj |dsttd|dnvtjjj |dd d std |dnNtjjj |d d d std |d n&tjjj |dd d std|d|d|_ |d|_ t |d|_|d dkrdn t |d |_|ddkr>dn t |d|_dS)Nrz,Router line must have five values: router %srz,Router line entry isn't a valid nickname: %srSz0Router line entry isn't a valid IPv4 address: %sT)Z allow_zeroz#Router line's ORPort is invalid: %sz&Router line's SocksPort is invalid: %sz$Router line's DirPort is invalid: %s0)r r[lenr`rDrE tor_toolsZis_valid_nickname connectionis_valid_ipv4_address is_valid_portnicknameaddressintor_port socks_portdir_port) descriptorentriesvalueZ router_comprLrLrM_parse_router_lines&     rxcCstd|}|j}t|dkr,td|nX|djsJtd|dn:|djshtd|dn|djstd |dt|d|_t|d|_t|d|_dS) Nrrgz3Bandwidth line must have three values: bandwidth %srz/Bandwidth line's average rate isn't numeric: %srSz-Bandwidth line's burst rate isn't numeric: %srfz0Bandwidth line's observed rate isn't numeric: %s) r r[rjr`isdigitrqaverage_bandwidthburst_bandwidthobserved_bandwidth)rurvrwZbandwidth_comprLrLrM_parse_bandwidth_lines     r}c Csdtdd||td|}tjd|}|r`|j\}|_ytjj||_ Wnt k r^YnXdS)Nr$z^(?:node-)?Tor (\S*).* on (.*)$) rr rematchgroupsoperating_systemrDversion _get_version tor_versionr`)rurvrwZplatform_match version_strrLrLrM_parse_platform_lines  rcCsftd|}|jdd}x*|jdD]}t|dkr"td|q"Wtjjj|s\td|||_ dS)Nr%rRrOrhz=Fingerprint line should have groupings of four hex digits: %sz6Tor relay fingerprints consist of forty hex digits: %s) r replacer[rjr`rDrErkZis_valid_fingerprintr%)rurvrwr%groupingrLrLrM_parse_fingerprint_line.s    rcCs`td|}|jd}tjjj|dds8td|d|d|_t|dkrV|dnd|_ dS)Nzextra-info-digestrRr(z1extra-info-digest should be 40 hex characters: %srfrS) r r[rDrErkZ is_hex_digitsr`extra_info_digestrjextra_info_sha256_digest)rurvrwZ digest_comprLrLrM_parse_extrainfo_digest_line?s    rcCs,td|}|dkrtd||dk|_dS)Nr&ri1z>Hibernating line had an invalid value, must be zero or one: %s)rir)r r`r&)rurvrwrLrLrM_parse_hibernating_lineJs  rcCsNtd|}tjd|}|s&td||j\}}|jd|_|jd|_dS)Nr1z^Link (.*) Circuit (.*)$z?Protocols line did not match the expected pattern: protocols %srR)r r~rr`rr[link_protocolscircuit_protocols)rurvrwZprotocols_matchZ link_versionsZcircuit_versionsrLrLrM_parse_protocols_lineUs     rcCstd|}g}x|D]}d|}d|kr4td||jdd\}}tjjj| rttjjj|dd rttd|tjjj|std ||j |j d j d t |tjjj|ddfqW||_ dS) Nz or-addressz or-address %s:z#or-address line missing a colon: %srST)Zallow_bracketsz+or-address line has a malformed address: %sz(or-address line has a malformed port: %s[])r r`rsplitrDrErlrmZis_valid_ipv6_addressrnappendlstriprJrq or_addresses)rurvZ all_valuesrentrylinerpportrLrLrM_parse_or_address_lineas   $  2rc Cst||}tjjj||\}}} y"| r~sz'_parse_history_line..,z%%s line has non-numeric values: %s %s)r rDruZextrainfo_descriptorZ_parse_timestamp_and_intervalr[r`setattr) keywordZhistory_end_attributeZhistory_interval_attributeZhistory_values_attributerurvrw timestampinterval remainderZhistory_valuesrLrLrM_parse_history_linexs   rcCsHt|drD|jr0tjjj|jddkr0t|_ntjj|j|_|`dS)N_unparsed_exit_policyrz reject *:*) hasattrrrDrErFrGREJECT_ALL_POLICY exit_policy ExitPolicy)rurvrLrLrM_parse_exit_policys  rcCs0tddd|||jr,tjjjj|j|_dS)Nzidentity-ed25519ed25519_certificatez ED25519 CERT)rrrDru certificateZEd25519CertificateZ from_base64)rurvrLrLrM_parse_identity_ed25519_linesred25519_master_keyed25519_certificate_hashread_history_endread_history_intervalread_history_valueswrite_history_endwrite_history_intervalwrite_history_valuesz ipv6-policyexit_policy_v6cCs tjj|S)N)rDrMicroExitPolicy)vrLrLrMrQsrQ)funcallow_single_hop_exitsallow_tunneled_dir_requestsis_hidden_service_dirextra_info_cachebridge_distributioncCst|jdS)NrR)setr[)rrLrLrMrQscCs|dkS)NrrL)rrLrLrMrQs onion_keyzRSA PUBLIC KEYonion_key_crosscertZ CROSSCERT signing_key signature SIGNATUREntor_onion_keyntor_onion_key_crosscertz ED25519 CERTntor_onion_key_crosscert_signed25519_signaturezrouter-digest-sha256router_digest_sha256z router-digest_digestT)Zallow_negativec'seZdZdZdefdefdefdefdefdefdefdefdefde fde fde fde fe e fe efeefdefdefdefdefdefdefdefdefdefiefdefdefdefdefdefgefdefdefdefdefdefdefd&Zeee eeeeeee eeeeee eeeeeeedZ dfdd Z!e"j#e$j%fdd Z&e'd d Z(d d Z)ddZ*ddZ+ddZ,ddZ-ddZ.Z/S)ServerDescriptora Common parent for server descriptors. :var str nickname: **\*** relay's nickname :var str fingerprint: identity key fingerprint :var datetime published: **\*** time in UTC when this descriptor was made :var str address: **\*** IPv4 address of the relay :var int or_port: **\*** port used for relaying :var int socks_port: **\*** port used as client (**deprecated**, always **None**) :var int dir_port: **\*** port used for descriptor mirroring :var bytes platform: line with operating system and tor version :var stem.version.Version tor_version: version of tor :var str operating_system: operating system :var int uptime: uptime when published in seconds :var bytes contact: contact information :var stem.exit_policy.ExitPolicy exit_policy: **\*** stated exit policy :var stem.exit_policy.MicroExitPolicy exit_policy_v6: **\*** exit policy for IPv6 :var BridgeDistribution bridge_distribution: **\*** preferred method of providing this relay's address if a bridge :var set family: **\*** nicknames or fingerprints of declared family :var int average_bandwidth: **\*** average rate it's willing to relay in bytes/s :var int burst_bandwidth: **\*** burst rate it's willing to relay in bytes/s :var int observed_bandwidth: **\*** estimated capacity based on usage in bytes/s :var list link_protocols: link protocols supported by the relay :var list circuit_protocols: circuit protocols supported by the relay :var bool is_hidden_service_dir: **\*** indicates if the relay serves hidden service descriptors :var bool hibernating: **\*** hibernating when published :var bool allow_single_hop_exits: **\*** flag if single hop exiting is allowed :var bool allow_tunneled_dir_requests: **\*** flag if tunneled directory requests are accepted :var bool extra_info_cache: **\*** flag if a mirror for extra-info documents :var str extra_info_digest: upper-case hex encoded digest of our extra-info document :var str extra_info_sha256_digest: base64 encoded sha256 digest of our extra-info document :var bool eventdns: flag for evdns backend (**deprecated**, always unset) :var str ntor_onion_key: base64 key used to encrypt EXTEND in the ntor protocol :var list or_addresses: **\*** alternative for our address/or_port attributes, each entry is a tuple of the form (address (**str**), port (**int**), is_ipv6 (**bool**)) :var dict protocols: mapping of protocols to their supported versions **Deprecated**, moved to extra-info descriptor... :var datetime read_history_end: end of the sampling interval :var int read_history_interval: seconds per interval :var list read_history_values: bytes read during each interval :var datetime write_history_end: end of the sampling interval :var int write_history_interval: seconds per interval :var list write_history_values: bytes written during each interval **\*** attribute is either required when we're parsed with validation or has a default value, others are left as **None** if undefined .. versionchanged:: 1.5.0 Added the allow_tunneled_dir_requests attribute. .. versionchanged:: 1.6.0 Added the extra_info_sha256_digest, protocols, and bridge_distribution attributes. .. versionchanged:: 1.7.0 Added the is_hidden_service_dir attribute. .. versionchanged:: 1.7.0 Deprecated the hidden_service_dir field, it's never been populated (:spec:`43c2f78`). This field will be removed in Stem 2.0. NF)&ror%r(rrrprrrsrtr$rrr'rrr-rzr{r|rrrr&rrr1rrrr+rrrrrrrr)rrr$rr%r(r&zextra-info-digestzhidden-service-dirr'r1zntor-onion-keyz or-addressz read-historyz write-historyz ipv6-policyzallow-single-hop-exitsztunnelled-dir-serverr4zcaches-extra-infozbridge-distribution-requestr-r+cstt|j|| d|r|ng|_ttjjj||d d d\}|_ dg|_ |r|j ||t |||r|j r|jr|j dkr|jtjjd krtd |j|j f|j|n||_d S)a Server descriptor constructor, created from an individual relay's descriptor content (as provided by 'GETINFO desc/*', cached descriptors, and metrics). By default this validates the descriptor's content as it's parsed. This validation can be disables to either improve performance or be accepting of malformed data. :param str raw_contents: descriptor content provided by the relay :param bool validate: checks the validity of the descriptor's content if **True**, skips these checks otherwise :param list annotations: lines that appeared prior to the descriptor :raises: **ValueError** if the contents is malformed and validate is True )Z lazy_loadacceptrejectr(r$)Zextra_keywordsZnon_ascii_fields2rz0.1.2.7z;Descriptor for version '%s' had a negative uptime value: %iN)rr)r(r$)superr__init___annotation_linesr rDrErFrGrZhidden_service_dir_parserr'rrVersionr`_check_constraints_entries)self raw_contentsrarcrv) __class__rLrMrVs    zServerDescriptor.__init__cCs tddS)a Digest of this descriptor's content. These are referenced by... * **Consensus** * Referer: :class:`~stem.descriptor.router_status_entry.RouterStatusEntryV3` **digest** attribute * Format: **SHA1/BASE64** .. versionchanged:: 1.8.0 Added the hash_type and encoding arguments. :param stem.descriptor.DigestHash hash_type: digest hashing algorithm :param stem.descriptor.DigestEncoding encoding: digest encoding :returns: **hashlib.HASH** or **str** based on our encoding argument zRUnsupported Operation: this should be implemented by the ServerDescriptor subclassN)NotImplementedError)r hash_typeencodingrLrLrMdigestszServerDescriptor.digestcCsBi}x8|jD].}d|kr2|jdd\}}|||<q d||<q W|S)aT Provides content that appeared prior to the descriptor. If this comes from the cached-descriptors file then this commonly contains content like... :: @downloaded-at 2012-03-18 21:18:29 @source "173.254.216.66" .. deprecated:: 1.8.0 Users very rarely read from cached descriptor files any longer. This method will be removed in Stem 2.x. If you have some need for us to keep this please `let me know `_. :returns: **dict** with the key/value pairs in our annotations rRrSN)rr[)rZannotation_dictrkeyrwrLrLrMget_annotationss   z ServerDescriptor.get_annotationscCs|jS)ao Provides the lines of content that appeared prior to the descriptor. This is the same as the :func:`~stem.descriptor.server_descriptor.ServerDescriptor.get_annotations` results, but with the unparsed lines and ordering retained. .. deprecated:: 1.8.0 Users very rarely read from cached descriptor files any longer. This method will be removed in Stem 2.x. If you have some need for us to keep this please `let me know `_. :returns: **list** with the lines of annotation that came before this descriptor )r)rrLrLrMget_annotation_linessz%ServerDescriptor.get_annotation_linescCs x$|jD]}||kr td|q Wx4|jD](}||kr0t||dkr0td|q0W|j}|r|t|jdkrtd||j}|r|t|jdkrtd|d|jkrd|jkrtd n dt|jdd krtd |jstd d S)z Does a basic check that the entries conform to this descriptor type's constraints. :param dict entries: keyword => (value, pgp key) entries :raises: **ValueError** if an issue arises in validation z!Descriptor must have a '%s' entryrSz3The '%s' entry can only appear once in a descriptorrz'Descriptor must start with a '%s' entryz%Descriptor must end with a '%s' entryzidentity-ed25519zrouter-sig-ed25519zKDescriptor must have router-sig-ed25519 entry to accompany identity-ed25519rfNzCDescriptor must have 'router-sig-ed25519' as the next-to-last entryz`_) :var stem.certificate.Ed25519Certificate certificate: ed25519 certificate :var str ed25519_certificate: base64 encoded ed25519 certificate :var str ed25519_master_key: base64 encoded master key for our ed25519 certificate :var str ed25519_signature: signature of this document using ed25519 :var str onion_key: **\*** key used to encrypt EXTEND cells :var str onion_key_crosscert: signature generated using the onion_key :var str ntor_onion_key_crosscert: signature generated using the ntor-onion-key :var str ntor_onion_key_crosscert_sign: sign of the corresponding ed25519 public key :var str signing_key: **\*** relay's long-term identity key :var str signature: **\*** signature for this descriptor **\*** attribute is required when we're parsed with validation .. versionchanged:: 1.5.0 Added the ed25519_certificate, ed25519_master_key, ed25519_signature, onion_key_crosscert, ntor_onion_key_crosscert, and ntor_onion_key_crosscert_sign attributes. .. versionchanged:: 1.6.0 Moved from the deprecated `pycrypto `_ module to `cryptography `_ for validating signatures. .. versionchanged:: 1.6.0 Added the certificate attribute. .. deprecated:: 1.6.0 Our **ed25519_certificate** is deprecated in favor of our new **certificate** attribute. The base64 encoded certificate is available via the certificate's **encoded** attribute. .. versionchanged:: 1.6.0 Added the **skip_crypto_validation** constructor argument. zserver-descriptorN) rrrrrrrrrr)zidentity-ed25519zmaster-key-ed25519zrouter-sig-ed25519z onion-keyzonion-key-crosscertzntor-onion-key-crosscertz signing-keyzrouter-signatureFcstt|j||||r|jrVtjt|jj}||jj krVt d|jj |f| rt j j r|j|j|j}||jkrt d||jf|jrt j j r|j|j|j}||jkrt d||jft j j ddr|jr|jj|dS)Nz^Fingerprint does not match the hash of our signing key (fingerprint: %s, signing key hash: %s)zHDecrypted digest does not match local digest (calculated: %s, local: %s)z\Decrypted onion-key-crosscert digest does not match local digest (calculated: %s, local: %s)T)Zed25519)rr_rr%hashlibsha1r r hexdigestlowerr`rDprereqZis_crypto_availableZ_digest_for_signaturerrrr_onion_key_crosscert_digestrra)rrrarcskip_crypto_validationZkey_hashZ signed_digestZonion_key_crosscert_digest)rrLrMrGs   zRelayDescriptor.__init__c Cs8|rd}|dkri}|dkr t}ddttffdtfdgddt|jDd td fd td fg}|r|rd |krtd n|rd |krtd|dkrt}d|krt j t t j jj|jjjj}djt j jj|d|d<|j|d <t|||d}t||jSt|||dd tdffSdS)NTrz%s %s 9001 0 0rr153600 256000 104590cSsg|]}t|jddqS)rRrS)tupler[)rrrLrLrMrpsz+RelayDescriptor.content..z onion-keyzRSA PUBLIC KEYz signing-keyz=Cannot sign the descriptor if a signing-key has been providedzrouter-signaturezBCannot sign the descriptor if a router-signature has been providedr%rRrhs router-signature router-sig-ed25519r)rr )rN)rrrrstr splitlinesrr`rrrr rDrErFrGZ public_digestrXrupperr]Z_split_by_lengthrrprivate) clsattrexcludesignrrZ base_headerr%rKrLrLrMrK`s24    &  zRelayDescriptor.contentTcCs||j||||||| dS)N)rar )rK)rrrrarrrrLrLrMcreateszRelayDescriptor.createcCsZ|jddd}|tjkr,tjjtj||S|tjkrJtjjtj ||St d|dS)z Provides the digest of our descriptor's content. :returns: the digest string encoded in uppercase hex :raises: ValueError if the digest cannot be calculated rz router-signature )startendzGServer descriptor digests are only available in sha1 and sha256, not %sN) Z_content_rangerrrDruZ_encode_digestrrSHA256sha256r)rrrrKrLrLrMrs   zRelayDescriptor.digestc Cs|jstddj|jttjtjj j |jttjtjj j |j |j j d|jt|j|jrnt|jndgd|j|jjjddd}|jrd |j|d <|jrd d |jD|d <|jrdt|jj|d<tj|S)z Provides a RouterStatusEntryV3 for this descriptor content. .. versionadded:: 1.6.0 :returns: :class:`~stem.descriptor.router_status_entry.RouterStatusEntryV3` that would be in the consensus zmServer descriptor lacks a fingerprint. This is an optional field, but required to make a router status entry.rRz%Y-%m-%d %H:%M:%Sriz Bandwidth=%iz, r)rwpzTor %srcSsg|]\}}}d||fqS)z%s:%srL)raddrr_rLrLrMrsz.az ed25519 %sid)r%r`r]rorNbinascii unhexlifyrDrErF _to_bytesrrstrftimerprrrrtrzrsummaryrrrrrrr)rrrLrLrMmake_router_status_entrys&  z(RelayDescriptor.make_router_status_entrycCsJtjt|jj}|tjtjj j |j d}tjj j t j|jS)z Provides the digest of the onion-key-crosscert data. This consists of the RSA identity key sha1 and ed25519 identity key. :returns: **unicode** digest encoded in uppercase hex :raises: ValueError if the digest cannot be calculated rC)rrr rrrH b64decoderDrErFr%rrGr#hexlifyr)rZsigning_key_digestdatarLrLrMr s z+RelayDescriptor._onion_key_crosscert_digestcs8tt|j||jr4|js&tdn|js4tddS)NzMDescriptor must have a 'onion-key-crosscert' when identity-ed25519 is presentzLDescriptor must have a 'router-sig-ed25519' when identity-ed25519 is present)rr_rrrr`r)rrv)rrLrMrs  z"RelayDescriptor._check_constraints)FNF)rrrrTYPE_ANNOTATION_NAMEdictrrr_parse_master_key_ed25519_line_parse_router_sig_ed25519_line_parse_onion_key_line_parse_onion_key_crosscert_line$_parse_ntor_onion_key_crosscert_line_parse_signing_key_line_parse_router_signature_linerr classmethodrKrrrrrrrr(r rrrLrL)rrMr_s@' ,&r_c@seZdZdZdZeejfdefde fde fdZeej fee e dZ e dfdfddZ ejejfd d Zd d Zed dZddZddZddZdS)r^a Bridge descriptor (`bridge descriptor specification `_) :var str ed25519_certificate_hash: sha256 hash of the original identity-ed25519 :var str router_digest_sha256: sha256 digest of this document .. versionchanged:: 1.5.0 Added the ed25519_certificate_hash and router_digest_sha256 attributes. Also added ntor_onion_key (previously this only belonged to unsanitized descriptors). zbridge-server-descriptorN)rrr)zmaster-key-ed25519zrouter-digest-sha256z router-digestFc Cs>|rtd|jt||ddttffd dtfd d fS)NzSigning of %s not implementedrz%s %s 9001 0 0 router-digest(006FD96BA35E7785A6A3B8B75FE2E2435A13BDB4rr409600 819200 5120r*:*)r6r7)rr8)rr9)rrrrrr)rrrrrLrLrMrKszBridgeDescriptor.contentcCs.|tjkr|tjkr|jStd||fdS)NzJBridge server descriptor digests are only available as sha1/hex, not %s/%s)rrrrrr)rrrrLrLrMr szBridgeDescriptor.digestcCs |jgkS)a< Checks if we've been properly scrubbed in accordance with the `bridge descriptor specification `_. Validation is a moving target so this may not be fully up to date. :returns: **True** if we're scrubbed, **False** otherwise )get_scrubbing_issues)rrLrLrM is_scrubbeds zBridgeDescriptor.is_scrubbedcCsg}|jjds |jd|j|jr@|jdkr@|jd|jxT|jD]J\}}}| rt|jd rt|jd|qH|rH|jd rH|jd|qHWx\|jD]P}|jdr|jd |q|jd r|jd |q|jd r|jd |qW|S)z Provides issues with our scrubbing. :returns: **list** of strings which describe issues we have with our scrubbing, this list is empty if we're properly scrubbed z10.z=Router line's address should be scrubbed to be '10.x.x.x': %sZsomebodyzFContact line should be scrubbed to be 'somebody', but instead had '%s'zAor-address line's address should be scrubbed to be '10.x.x.x': %szfd9f:2e19:3bcf::zPor-address line's address should be scrubbed to be 'fd9f:2e19:3bcf::xx:xxxx': %sz onion-key z;Bridge descriptors should have their onion-key scrubbed: %sz signing-key z=Bridge descriptors should have their signing-key scrubbed: %szrouter-signature z;Bridge descriptors should have their signature scrubbed: %s)rpr\rr(rZget_unrecognized_lines)rZissuesrpr is_ipv6rrLrLrMr:s$     z%BridgeDescriptor.get_scrubbing_issuescs*dddgdg}t|fddtDS)Nz onion-keyz signing-keyzrouter-signaturez router-digestcsg|]}|kr|qSrLrL)rf)excluded_fieldsrLrMrOsz5BridgeDescriptor._required_fields..)r r)rZincluded_fieldsrL)r>rMrAs z!BridgeDescriptor._required_fieldscCs |jtS)N)rr)rrLrLrMrQszBridgeDescriptor._single_fieldscCsdS)NrL)rrLrLrMrTszBridgeDescriptor._last_keyword)rrrrr,r-rr'_parse_master_key_ed25519_for_hash_line _parse_router_digest_sha256_line_parse_router_digest_linerr5rKrrrrrr;rr:rrrrLrLrLrMr^s$    #r^)rrrrr r!)r"r#r$r%r&r'r(r)r*r+r,r-r.r/r0r1r2r3r4r5r6r7r8)r9r:)r;r<)r=r>)r?r@)rArB)FF)errHr# functoolsrr~Zstem.descriptor.certificaterDZ$stem.descriptor.extrainfo_descriptorZstem.exit_policyZ stem.prereqZstem.util.connectionZstem.util.enumZstem.util.str_toolsZstem.util.tor_toolsZ stem.versionZ#stem.descriptor.router_status_entryrZstem.descriptorrrrrrrr r r r r rrrrrrrrrrrrrr Z_is_lru_cache_availablerZstem.util.lru_cacherrrEenumEnumZBridgeDistributionrrrrrrrNrdrxr}rrrrrrrrrr.r?rrpartialrrrrrrrrrrrr0r1r3r4rr2r/r@rArrr_r^rLrLrLrM0s h     L                      Ba